Lucene search
K

157 matches found

OSV
OSV
added 2025/02/18 10:15 p.m.4 views

UBUNTU-CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

9.8CVSS6.6AI score0.0113EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2025/02/18 12:0 a.m.9 views

libxml2 -- Use After Free

[email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a craft...

9.8CVSS7AI score0.0113EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/18 12:0 a.m.17 views

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

7.8CVSS0.0113EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/18 12:0 a.m.13 views

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

7.8CVSS6.9AI score0.0113EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.4 views

Huang Yaoshi Pharmaceutical Management Software 安全漏洞

NWT Huang Yaoshi Pharmaceutical Management Software is a pharmaceutical management software from NWT. A security vulnerability exists in Huang Yaoshi Pharmaceutical Management version 16.0 and prior versions that originates from a file upload via the /XSDService.asmx interface that allows arbitra...

10CVSS7AI score0.00556EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/04/11 12:0 a.m.7 views

The vulnerability of the authentication library for exchanging identification data according to the SAML2 standard, related to improper verification of the cryptographic signature, allows a perpetrator to bypass the signature verification and gain access to protected information.

The vulnerability of the authentication library for exchanging identification data according to the SAML2 standard, implemented by PySAML2, is related to the XML signature encoding scheme used. This scheme does not verify whether the SAML document conforms to the XML schema. Exploiting this...

7.8CVSS6.9AI score0.01078EPSS
Exploits0References5Affected Software2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.19 views

Fedora: Security Advisory for msv (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.16 views

Fedora: Security Advisory for xmlunit (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.22 views

Fedora: Security Advisory for xerces-j2 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.29 views

[SECURITY] Fedora 40 Update: xerces-j2-2.12.2-10.fc40

Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface XNI, a complete framework for building parser components and configurations that is extremely modul...

8.8CVSS8.9AI score0.02578EPSS
Exploits3
OSV
OSV
added 2024/02/06 12:30 a.m.2 views

GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2024/01/18 6:21 p.m.80 views

USN-6590-1: Xerces-C++ vulnerabilities

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

8.8CVSS6.9AI score0.09503EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/08/31 9:47 p.m.20 views

DDFFileParser is vulnerable to XXE Attacks

Impact DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE AttacksProcessing. DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files e.g. if they let external users provide their own model...

9.8CVSS6.6AI score0.00568EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2023/08/31 6:15 p.m.60 views

CVE-2023-41034

Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE Attacks. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if the...

9.8CVSS7.1AI score0.00568EPSS
Exploits0References5
OSV
OSV
added 2023/04/24 9:15 p.m.9 views

AZL-26281 CVE-2023-28484 affecting package libxml2 for versions less than 2.10.4-1

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...

6.5CVSS6.7AI score0.01086EPSS
Exploits1References1
Fedora
Fedora
added 2022/09/24 12:16 a.m.49 views

[SECURITY] Fedora 37 Update: python-lxml-4.9.1-1.fc37

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more...

7.5CVSS6.7AI score0.02462EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/09/19 12:0 a.m.12 views

Fedora: Security Advisory for python-lxml (FEDORA-2022-ed0eeb6a20)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.8AI score0.02462EPSS
Exploits1References2
Fedora
Fedora
added 2022/09/18 1:16 a.m.39 views

[SECURITY] Fedora 36 Update: python-lxml-4.7.1-3.fc36

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, ...

7.5CVSS6.7AI score0.02462EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/01/23 12:0 a.m.17 views

Fedora: Security Advisory for python-lxml (FEDORA-2022-7129fbaeed)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS7.3AI score0.02456EPSS
Exploits0References2
Huntr
Huntr
added 2022/01/15 3:28 a.m.22 views

in stanfordnlp/corenlp

Description When a malicious schema XML file is passed to getValidatingXmlParser, the parser is vulnerable to XXE when the SchemaFactory parses the schema XML file. In...

7.5CVSS1.1AI score0.01217EPSS
Exploits1References1
Rows per page
Query Builder